imberezin / google-cast-sdk

Automatically exported from code.google.com/p/google-cast-sdk

CORS headers are not sent when provided m3u8 playlist URLs result in a redirect #736

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Providing a URL like:
http://ys-vod.ds.cdn.yousee.tv/iPhone/iPhone-src/vod/clear/trailer/SB_17001_TR/SB_17001_TR_Low_fix.m3u8

which returns a 302 to a different location, the original CORS headers are not
passed along the redirect.

What steps will reproduce the problem?
1. Pass along the HLS playlist URL stated above to a chromecast receiver app
2. In an attached remote debugger, follow how the URL is processed network-wise.

What is the expected output?

The receiver app will follow the redirect and start the streaming

What do you see instead?
The receiver app crashes, and in the debug console it complains that the
CORS headers don't match the origin.

What version of the product are you using? On what operating system?
A which refers the google hosted media_player.js files
Any app that can send the above URL

Please provide any additional information below.
I have provided screenshots of the network traffic, which show that the CORS
headers aren't passed along

The following snippet is from the debug console on the receiver app:
XMLHttpRequest cannot load http://boa-a6-cds-se1.se.ys-vod.ds.cdn.yousee.tv/iPhone/iPhone-src/vod/clear/trailer/SB_17001_TR/SB_17001_TR_Low_fix.m3u8. The 'Access-Control-Allow-Origin' header has a value 'https://s3-eu-west-1.amazonaws.com' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access.

media_player.js:21 [447.142s] [cast.player.api.Host] error: cast.player.api.ErrorCode.NETWORK

Original issue reported on code.google.com by jacobvon...@gmail.com on 13 Jan 2016 at 3:34

GoogleCodeExporter commented 8 years ago
Actually the title is a bit misleading, as it is the origin that isn't added as
a request header to the redirect URL

Original comment by jacobvon...@gmail.com on 14 Jan 2016 at 8:49

GoogleCodeExporter commented 8 years ago
On Stack Overflow this is discussed and it seems to work as intended - following
the specs :-(
http://stackoverflow.com/questions/22397072/are-there-any-browsers-that-set-the-origin-header-to-null-for-privacy-sensitiv

Original comment by jacobvon...@gmail.com on 14 Jan 2016 at 9:37

GoogleCodeExporter commented 8 years ago
Closing this ticket since it's working as intended.

Original comment by jonathan...@google.com on 14 Jan 2016 at 6:46
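
Why the redirected request carries Origin 'null' and fails the check, as an added example (not code from the Cast SDK or from the original issue): it models the Fetch standard's redirect-tainted-origin rule and the CORS check on the two URLs from the report. The receiver origin is an assumption inferred from the Access-Control-Allow-Origin value in the log, and all function names are hypothetical.

```javascript
// Added example: model of the Fetch standard's "redirect-tainted origin" rule
// and the CORS check, applied to the two URLs quoted in this issue.
const originOf = (u) => new URL(u).origin;

// True when some hop in the redirect chain is cross-origin to the hop before it
// AND that previous hop is itself cross-origin to the requester. The browser
// then stops trusting the chain and serializes the Origin header as "null".
function hasRedirectTaintedOrigin(requestOrigin, urlList) {
  let last = null;
  for (const url of urlList) {
    if (last !== null &&
        originOf(url) !== originOf(last) &&
        requestOrigin !== originOf(last)) {
      return true;
    }
    last = url;
  }
  return false;
}

// Value of the Origin request header sent to the last URL in urlList.
function originHeader(requestOrigin, urlList) {
  return hasRedirectTaintedOrigin(requestOrigin, urlList) ? "null" : requestOrigin;
}

// CORS check for a request without credentials: the response's
// Access-Control-Allow-Origin must be "*" or equal the Origin header sent.
function corsCheck(sentOrigin, acao) {
  return acao === "*" || acao === sentOrigin;
}

// Assumption: the receiver page's origin, inferred from the ACAO value in the log.
const RECEIVER = "https://s3-eu-west-1.amazonaws.com";
const PLAYLIST = "http://ys-vod.ds.cdn.yousee.tv/iPhone/iPhone-src/vod/clear/trailer/SB_17001_TR/SB_17001_TR_Low_fix.m3u8";
const REDIRECTED = "http://boa-a6-cds-se1.se.ys-vod.ds.cdn.yousee.tv/iPhone/iPhone-src/vod/clear/trailer/SB_17001_TR/SB_17001_TR_Low_fix.m3u8";

// Replays the report: Origin sent on each hop, and whether the final hop passes.
function simulate(acaoOnFinalHop) {
  const firstHop = originHeader(RECEIVER, [PLAYLIST]);
  const finalHop = originHeader(RECEIVER, [PLAYLIST, REDIRECTED]);
  return { firstHop, finalHop, allowed: corsCheck(finalHop, acaoOnFinalHop) };
}

console.log(simulate(RECEIVER)); // ACAO fixed to the receiver origin, as in the log
console.log(simulate("*"));      // wildcard ACAO on the redirect target
```

An Access-Control-Allow-Origin of `*` on the redirect target satisfies the check for requests made without credentials, whereas a fixed origin value can never equal `null`.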